{"id":"CVE-2021-27962","details":"Grafana Enterprise 7.2.x and 7.3.x before 7.3.10 and 7.4.x before 7.4.5 allows a dashboard editor to bypass a permission check concerning a data source they should not be able to access.","aliases":["BIT-grafana-2021-27962"],"modified":"2026-04-10T04:31:37.404780Z","published":"2021-03-22T14:15:14.023Z","related":["SUSE-SU-2021:2660-1","SUSE-SU-2021:2673-1","SUSE-SU-2021:2675-1","SUSE-SU-2021:3907-1","SUSE-SU-2021:3908-1","openSUSE-SU-2021:1148-1","openSUSE-SU-2021:1162-1","openSUSE-SU-2021:2662-1","openSUSE-SU-2021:2675-1","openSUSE-SU-2024:10818-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2021/03/19/5"},{"type":"ADVISORY","url":"https://community.grafana.com"},{"type":"ADVISORY","url":"https://community.grafana.com/t/grafana-enterprise-6-7-6-7-3-10-and-7-4-5-security-update/44724"},{"type":"ADVISORY","url":"https://community.grafana.com/t/release-notes-v6-7-x/27119"},{"type":"ADVISORY","url":"https://grafana.com/blog/2021/03/18/grafana-6.7.6-7.3.10-and-7.4.5-released-with-important-security-fixes-for-grafana-enterprise/"},{"type":"ADVISORY","url":"https://grafana.com/docs/grafana/latest/release-notes/release-notes-7-4-5/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/grafana/grafana","events":[{"introduced":"efe4941ee38fb86062142a359640ede0abf66ac0"},{"fixed":"43e9cd2a02a7bcb955d95e6d9e330a4795380777"},{"introduced":"c2203b985929c0273afe132b0df7a06859b41b24"},{"fixed":"8a2c78d3f82ab36c1c53e745a755f0e63f01f360"}],"database_specific":{"versions":[{"introduced":"7.2.0"},{"fixed":"7.3.10"},{"introduced":"7.4.0"},{"fixed":"7.4.5"}]}}],"versions":["v7.4.0","v7.4.1","v7.4.2","v7.4.3","v7.4.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-27962.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N"}]}